<?php
	require('../Model/mysql.php');
	require('../host_config.php');
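	// Access gate for this page. Reads shopid, flag and uid from the session and
	// the requested shop id from the query string, then either redirects or
	// records the logged-in user id in $uid for the handler further down.
	session_start();

	// Read every value once through isset() so that a missing key becomes null
	// instead of raising an undefined-index notice. The loose comparisons of the
	// original are kept so that the same requests take the same branches.
	$sessionShopId = isset($_SESSION['shopid']) ? $_SESSION['shopid'] : null;
	$sessionFlag = isset($_SESSION['flag']) ? $_SESSION['flag'] : null;
	$requestedId = isset($_GET['id']) ? $_GET['id'] : null;

	// NOTE(review): none of the redirects below is followed by exit, so the script
	// keeps running and the form handler later in this file still executes for any
	// session that has 'uid' set. As written, this gate is advisory only.
	// Before adding exit after each header() call, confirm which sessions are
	// meant to pass: the first condition appears to match a logged-in user who has
	// no shop yet, which may be exactly the user this page is for (TODO confirm).
	if ($sessionShopId === null && $sessionFlag !== null) {
		// header() after echo only works while output buffering is enabled;
		// otherwise the alert is shown and the redirect is dropped with a warning.
		echo "<script language='javascript'>";
		echo "alert('You have no permission to read this page!');";
		echo "history.back();";
		echo "</script>";
		header("location:../login.php");
	}else if ($sessionFlag == "2") {
		// The id comes straight from the query string: percent-encode it so it
		// cannot alter the structure of the redirect URL.
		header("location:../used/select.php?id=".rawurlencode((string) $requestedId));
	}else if ($sessionShopId != $requestedId) {
		header("location:../used/select.php?id=".rawurlencode((string) $sessionShopId));
	}else {
		$uid = isset($_SESSION['uid']) ? $_SESSION['uid'] : null;
	}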
?>
<html>
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
</html>
<?php
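	// Handler for the shop-creation form: validates the posted fields, stores up
	// to five uploaded pictures, inserts the Shops row, links it to the logged-in
	// user and redirects to thanks.php.
	// NOTE(review): the HTML above this block has already been emitted, so every
	// header() call here only takes effect while PHP output buffering is enabled.
	// NOTE(review): mysql_real_escape_string() belongs to ext/mysql, which was
	// removed in PHP 7. The MySQL wrapper class is not visible here; if it can run
	// prepared statements, prefer those over the string-built queries below.
	if (!function_exists('shop_form_reject')) {
		/**
		 * Emit the alert-and-go-back script used for every validation failure, then stop.
		 *
		 * @param string $message Fixed, developer-written text. Never pass request data:
		 *                        the value is placed inside a JavaScript string unescaped.
		 */
		function shop_form_reject($message) {
			echo "<script language='javascript'>";
			echo "alert('".$message."');";
			echo "history.back();";
			echo "</script>";
			die();
		}
	}
	if (!function_exists('shop_form_field')) {
		/**
		 * Return a posted field as a string; missing or array-valued fields become "".
		 *
		 * @param string $key Name of the POST field.
		 * @return string Raw (unescaped) field value.
		 */
		function shop_form_field($key) {
			return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
		}
	}

	$mysql = new MySQL();
	$link = $mysql->connect($mysql_host, $mysql_user, $mysql_passwd, $mysql_db);
	if (!isset($_SESSION['uid'])) {
		echo "<script language='javascript'>";
		echo "alert('You have no permission to read this page!');";
		echo "history.back();";
		echo "</script>";
		header("location:../login.php");
		exit;
	}else {
		// Lengths are measured on the raw bytes, before SQL escaping, because
		// escaping adds backslashes that are not stored. strlen() counts bytes:
		// the limits equal the column widths noted beside each field.
		$name = shop_form_field("name");          //varchar(30)
		if (strlen($name) > 30) {
			shop_form_reject('店家名稱字數大於10個字');
		}
		$name = mysql_real_escape_string($name);

		$second_name = shop_form_field("second_name");          //varchar(20)
		if (strlen($second_name) > 20) {
			shop_form_reject('分店名稱字數大於6個字');
		}
		$second_name = mysql_real_escape_string($second_name);

		// An empty branch name, or the literal "無", means the shop has no branch name.
		if ($second_name == "無" || $second_name == NULL)
			$fullname = $name;
		else
			$fullname = $name.$second_name;

		$address = shop_form_field("address");    //varchar(60)
		if (strlen($address) > 60) {
			shop_form_reject('地址字數大於30個字');
		}
		$address = mysql_real_escape_string($address);

		// Phone format: a number starting with 0 but not 09 needs '-' at offset 2;
		// anything else needs '-' at offsets 4 and 8. substr() with strict
		// comparison replaces the removed $tel{n} syntax and does not raise a
		// notice when the value is shorter than the offset being tested.
		// NOTE(review): the 13-byte column width is not enforced here.
		$tel = shop_form_field("tel");            //varchar(13)
		if (substr($tel, 0, 1) === '0' && substr($tel, 1, 1) !== '9') {
			if (substr($tel, 2, 1) !== '-') {
				shop_form_reject('電話格式有誤');
			}
		}else if (substr($tel, 4, 1) !== '-' || substr($tel, 8, 1) !== '-') {
			shop_form_reject('手機格式有誤');
		}
		$tel = mysql_real_escape_string($tel);

		$memo = shop_form_field("content");    //varchar(255)
		if (strlen($memo) > 255) {
			shop_form_reject('字數大於85個字，請簡短介紹');
		}
		$memo = mysql_real_escape_string($memo);

		// NOTE(review): the four food fields are escaped but their length is never
		// checked against the 20-byte column width.
		$food1 = mysql_real_escape_string(shop_form_field("food1_txt"));//varchar(20)
		$food2 = mysql_real_escape_string(shop_form_field("food2_txt"));//varchar(20)
		$food3 = mysql_real_escape_string(shop_form_field("food3_txt"));//varchar(20)
		$food4 = mysql_real_escape_string(shop_form_field("food4_txt"));//varchar(20)

		// NOTE(review): the two seat counts are only tested for empty and zero with
		// loose comparisons; negative or fractional values are not rejected.
		$maxofnumber = mysql_real_escape_string(shop_form_field("max_number"));
		if ($maxofnumber == NULL) {
			shop_form_reject('最大座位數需要填寫');
		}else if ($maxofnumber == 0) {
			shop_form_reject('最大座位數不可填寫0');
		}
		$perordernumber = mysql_real_escape_string(shop_form_field("single_number"));
		if ($perordernumber == NULL) {
			shop_form_reject('單比訂位數需要填寫');
		}else if ($perordernumber == 0) {
			shop_form_reject('單比訂位數不可填寫0');
		}else if ($perordernumber > $maxofnumber) {
			shop_form_reject('單比訂位數不可大於最大座位數');
		}

		// Refuse a shop name that already exists. $fullname is built from escaped parts.
		$sql = "SELECT `fullname` FROM `Shops` WHERE `fullname` = '$fullname'";
		$row = $mysql->query_row($sql, $link);
		if ($row[0] != NULL) {
			shop_form_reject('店名重複');
		}

		$upload_path = "uploads/";
		$possible = "_0123456789"."abcdefghijklmnopqrstuvwxyz"."ABCDEFGHIJKLMNOPQRSTUVWXYZ";
		/* $temp records the upload failure reported after the loop:
		   10 = extension or content rejected, 20 = file too large,
		   30 = move_uploaded_file() failed. The last failing file wins. */
		$temp = 0;
		// NOTE(review): the original value was 4*1024 (4 KB) but was never enforced,
		// because the size was read from the wrong $_FILES key. The limit now follows
		// the 400 KB stated in the user-facing message. Confirm the intended limit.
		$max_size = 400*1024;
		$total_uploads = 5;
		$limitedext = array("bmp","gif","jpg","jpeg","png");// allowed file extensions, lower case
		$file = array(NULL, NULL, NULL, NULL, NULL);
		for ($i = 0; $i < $total_uploads; $i++) {
			// Stored name is the current timestamp plus three random characters. The
			// client-supplied name is never used as a path, only for its extension.
			// NOTE(review): two uploads in the same second can collide, and
			// move_uploaded_file() overwrites an existing file.
			$str = "";
			while (strlen($str) < 3) {
				$str .= substr($possible, (rand() % strlen($possible)), 1);
			}
			$uploadfilename = time().$str;

			// Each slot arrives as its own field: file0 .. file4.
			$new_file = isset($_FILES['file'.$i]) ? $_FILES['file'.$i] : array('name' => NULL, 'tmp_name' => NULL, 'error' => 0, 'size' => 0);
			$file_name = is_string($new_file['name']) ? basename($new_file['name']) : NULL;
			$file_tmp = $new_file['tmp_name'];
			// Extension is the text after the last dot, lower-cased so that "JPG"
			// matches the allow-list.
			$name_parts = explode(".", (string) $file_name);
			$File_Extension = strtolower(end($name_parts));

			if ($file_name == NULL) {
				// No file chosen for this slot: store the bare directory as a placeholder.
				$file[$i] = "uploads/";
			}
			elseif ($new_file['error'] > 0) {
				// Read the error for THIS slot (the original read $_FILES['file'],
				// which does not exist, so upload errors were never detected).
				echo "上傳錯誤代碼:".(int) $new_file['error'];
				exit;
			}
			elseif (($max_size > 0) && ($new_file['size'] > $max_size)) {
				echo "您上傳的檔案大小大於".$max_size."位元組";
				$temp = 20;
			}
			elseif (!in_array($File_Extension, $limitedext, true)) {
				// The extension comes from the client-supplied file name, so it is
				// HTML-escaped before being echoed back.
				echo htmlspecialchars($File_Extension, ENT_QUOTES, 'UTF-8')." <br /> ".implode(",", $limitedext)." <br />";
				echo "不支援此檔案類型<br />";
				$temp = 10;
			}
			elseif (getimagesize($file_tmp) === false) {
				// The extension alone proves nothing about the content. getimagesize()
				// only inspects the file header: it rejects files that are not
				// recognisable images, but it is not a guarantee the file is harmless.
				$temp = 10;
			}
			elseif (move_uploaded_file($file_tmp, "../".$upload_path.$uploadfilename.".".$File_Extension)) {
				$file[$i] = $upload_path.$uploadfilename.".".$File_Extension;
			}
			else {
				$temp = 30;
			}
			echo "<br />";
		}
		if ($temp == 10) {
			shop_form_reject('副檔名有誤（只允許GIF和JPEG檔）');
		}else if ($temp == 20) {
			shop_form_reject('無法上傳，請檢查檔案是否小於400 KB');
		}else if ($temp == 30) {
			shop_form_reject('無法上傳');
		}
		// NOTE(review): an unselected slot is stored as "uploads/", which is not
		// NULL, so this "signboard picture is required" check cannot fire for a
		// missing file. Left unchanged; confirm whether the fifth picture is
		// meant to be mandatory.
		if ($file[4] == NULL) {
			shop_form_reject('店家招牌沒有上傳');
		}

		// Every interpolated value is either escaped above or generated by this
		// script (the $file[] paths use a server-made name and an allow-listed extension).
		$sql = "INSERT INTO `Shops` (`fullname`, `address`, `tel`, `memo`, `food1`, `food2`, `food3`, `food4`, `pic1`, `pic2`, `pic3`, `pic4`, `pic5`, `maxofnumber` , `perordernumber`, `currentnumber`) VALUES ('$fullname', '$address', '$tel', '$memo', '$food1', '$food2', '$food3', '$food4', '$file[0]', '$file[1]', '$file[2]', '$file[3]', '$file[4]', '$maxofnumber', '$perordernumber', '0')";
		$mysql->query($sql, $link);

		// $uid is assigned by the access check at the top of the file and only on
		// one of its branches, so it may be unset here. It is escaped before use
		// because session data is not guaranteed to be SQL-safe.
		$uid_sql = isset($uid) ? mysql_real_escape_string($uid) : "";
		$sql = "UPDATE `LoginUser` SET `shopname` = '$uid_placeholder_unused'";
		$sql = "UPDATE `LoginUser` SET `shopname` = '$fullname' where `loginid` = '$uid_sql'";
		$mysql->query($sql, $link);

		// Look up the id of the row just inserted and remember it in the session.
		$sql = "SELECT shopid FROM Shops WHERE fullname = '$fullname'";
		$row = $mysql->query_row($sql, $link);
		$_SESSION['shopid'] = $row[0];
		header("location:thanks.php?id=".rawurlencode((string) $row[0]));
		exit;
	}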
?>

